Tag Archives: nhs

NHS Deepmind and the need for transparency in personal data use

The NHS Deepmind deal has been heavily criticised by the Information Commissioner’s Office (ICO) for serious privacy erosion that fell foul of the Data Protection Act

The deal, which shared NHS patient data of 1.6m people with Google’s AI company Deepmind, had “several shortcomings” including that patients were not adequately informed that their data would be used as part of the tests on an app designed to diagnose serious kidney injury.

Elizabeth Denham, Information Commissioner, said in a statement: “There’s no doubt the huge potential that creative use of data could have on patient care and clinical improvements, but the price of innovation does not need to be the erosion of fundamental privacy rights.

“Our investigation found a number of shortcomings in the way patient records were shared for this trial. Patients would not have reasonably expected their information to have been used in this way, and the Trust could and should have been far more transparent with patients as to what was happening.

“We’ve asked the Trust to commit to making changes that will address those shortcomings, and their co-operation is welcome. The Data Protection Act is not a barrier to innovation, but it does need to be considered wherever people’s data is being used.”

Deepmind has admitted that: “We were almost exclusively focused on building tools that nurses and doctors wanted, and thought of our work as technology for clinicians rather than something that needed to be accountable to and shaped by patients, the public and the NHS as a whole. We got that wrong, and we need to do better.”

There are two fundamental lessons here – and they will be applicable going forward as they are today.

The first is that privacy and innovation can live hand-in-hand. Access to better quality data is a huge boon for innovation across all sectors, but it has to be permissioned and not just handed over. That’s a fundamental human right of the people involved, as well as best practice for ensuring fully accurate data that has the most value. Greater transparency benefits us all.

The second is that users need to be in control of their data, not third parties. This is how situations like this are avoided – by giving individuals control over the data that is about, or created by, them.

In the digi.me world, it then becomes their choice, and theirs alone, what happens to that data. And that’s exactly as it should be.

NHS cyber attack shows perils of not holding our own personal data

The global cyber attack that hit huge corporations worldwide and paralysed much of the UK’s National Health Service showed one thing above all – how easily centralised siloes of data can be rendered obselete.

The Wanna Decryptor ransomware attack, which is believed to have affected more than 200,000 systems in over 100 countries, making it the biggest in history, locked computers and systems before holding files hostage until a ransom was paid.

This had a massive impact on hospital trusts across the UK, which were unable to access patient data for treatment, meaning they were forced to send patients away and cancel appointments.

This was far from an attack aimed at the NHS, as some initially feared – but it did show its vulnerabilities – and not just in using older Microsoft computers that hadn’t been patched to cover known security issues.

Rather, it emphasised the loss of control that we all have over our personal data, when instead of having a copy ourselves, it is held in giant siloes controlled by others. And, which may or not be significant in this case, tend to prove to be very attractive honeypot targets for hackers because of the wealth of data they contain.

If we each had a copy of our own health data, the impact on the NHS would have been minimised dramatically. Anyone turning up for treatment or an appointment could have shown the relevant diagnostic and prescription history from within their digi.me app, presumably enabling further action to go ahead instead of mass cancellations.

And this is not just talk of a brave new world – it’s on the cusp of reality, with both a new version of our app and an exciting project demoing just this experience due to be announced within weeks.

The world will never be free of those who want to disrupt, harm and make money through nefarious means. But if we have control over our own data, through the principles of the Internet of Me, we take away a great deal of their power – certainly in their capacity to bring chaos to our lives.